According to a first-of-its-kind report released today by the K-12 Cybersecurity Resource Center, The State of K-12 Cybersecurity: 2018 Year in Review, public K-12 education agencies across the country experienced a total of 122 cybersecurity incidents during calendar year 2018. Many of these incidents were significant, resulting in the theft of millions of taxpayer dollars, stolen identities, tax fraud and altered school records. “Public schools are increasingly relying on technology for teaching, learning and school operations,” notes Douglas A. Levin, president of EdTech Strategies and report author. “It should hardly be surprising, therefore, that they are experiencing the same types of data breaches and cybersecurity incidents that have plagued even the most advanced and well-resourced corporations and government agencies.”

The interactive report includes a timeline of local TV news reports of the "Top 10" cybersecurity incidents of 2018, which helps to portray both the variety and real-world impact of cyber incidents affecting public school students and educators.

Data for the 2018 report is drawn from publicly disclosed incidents – including data breaches, phishing attacks, ransomware and other malware incidents, and denial of service attacks – cataloged on the K-12 Cyber Incident Map. The map and underlying database capture detailed information about two inter-related issues:

Publicly disclosed cybersecurity incidents affecting public K-12 schools, districts, charter schools and other public education agencies (such as regional and state agencies), especially those that occur on K-12 managed networks and devices.

Characteristics of public school districts (including charter schools) that have experienced one or more publicly disclosed cybersecurity incidents.

Between January 2016 and 7 Feb 2019, the K-12 Cyber Incident Map has documented 419 publicly disclosed incidents, which equates to a rate of about one new publicly-reported incident every three days.

Ultimately, the goal of policymakers, technologists and school leaders must be to reduce and better manage the cybersecurity risks facing increasingly technologically dependent schools. “But make no mistake: keeping K-12 schools ‘cyber secure’ is a wicked problem – one that is assured to get worse until we take meaningful steps to address it,” says Mr. Levin. “This report and the ongoing work of the K-12 Cybersecurity Resource Center are only small, but necessary steps in a much longer journey.”

Publication of the report was sponsored by Core BTS, Managed Methods, and PC Matic PRO.

The K-12 Cybersecurity Resource Center was launched in 2018 to build a knowledge base about the emerging cybersecurity risks facing U.S. K-12 public schools and to help identify and implement promising policies and practices to better manage those risks. It is maintained as a free, independent service to the K-12 community by EdTech Strategies LLC, a boutique consultancy focused on providing strategic research and counsel on issues at the intersection of education, public policy, technology and innovation.